What is the “Heartbleed bug” and how can it affect you?

The Heartbleed bug has affected millions of websites on the Internet for two years, but there are ways to protect yourself from it, according to reports.

Users don’t have much power over the Heartbleed bug, because website administrators and creators have to update their OpenSSL software, but there are ways to defend important passwords on Gmail, Facebook, Yahoo! and other sites.

The Heartbleed bug is a flaw in the OpenSSL encryption software used by a majority of major websites. It allows hackers to steal data like credit card numbers, passwords, and other personal information. The first defense for Internet users, then, is to change their passwords to protect their information from being taken and abused.

However, if a major website is still vulnerable to the Heartbleed bug, changing a password won’t matter; the website has to update its software first. To help with this, an online tool called the Heartbleed test was created to check whether a website is still vulnerable to the bug. Simply type the address of the website into the box, and it will let you know whether it is safe. Sites like Facebook, Gmail, Amazon, Yahoo!, Twitter and others have already updated their software.

The Heartbleed bug is a flaw in the OpenSSL encryption software, which is standard for many websites and whose use is indicated by the small padlock symbol. When two computers exchange messages over a secure connection (think Facebook or Gmail messaging), one of them sometimes wants to check whether the other is still available. It checks by sending a small packet of data, called a “heartbeat,” which the other computer then confirms. The flaw allows hackers to send a fake packet of data, which tricks the computer into responding with data stored in its memory.
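The check that stops a fake heartbeat from pulling out memory fits in a few lines. The following is an added example, not code from the original article or from OpenSSL: a heartbeat responder that follows the RFC 6520 message layout (1-byte type, 2-byte claimed payload length, payload, at least 16 bytes of padding) and discards any request that claims more payload than actually arrived. The function name `hb_build_response` and the sample messages are constructed for illustration.

```c
#include <stdint.h>
#include <stdio.h>
#include <string.h>

#define HB_REQUEST  1
#define HB_RESPONSE 2
#define HB_HEADER   3   /* 1-byte type + 2-byte payload length */
#define HB_PADDING  16  /* minimum padding required by RFC 6520 */

/* Build the reply to a received heartbeat message `msg` of `msg_len` bytes.
 * Returns the reply length, or -1 when the message must be silently
 * discarded. Name and signature are illustrative, not OpenSSL's. */
long hb_build_response(const uint8_t *msg, size_t msg_len,
                       uint8_t *out, size_t out_cap)
{
    if (msg_len < HB_HEADER + HB_PADDING || msg[0] != HB_REQUEST)
        return -1;                    /* too short, or not a request */

    /* Payload length the sender CLAIMS (big-endian 16-bit field). */
    size_t claimed = ((size_t)msg[1] << 8) | msg[2];

    /* The bounds check: the claimed payload must fit inside the bytes
     * that actually arrived. Without it, the copy below would read past
     * the request and echo back whatever sits next to it in memory. */
    if (claimed > msg_len - HB_HEADER - HB_PADDING)
        return -1;

    size_t reply_len = HB_HEADER + claimed + HB_PADDING;
    if (reply_len > out_cap)
        return -1;

    out[0] = HB_RESPONSE;
    out[1] = msg[1];
    out[2] = msg[2];
    memcpy(out + HB_HEADER, msg + HB_HEADER, claimed);  /* echo payload */
    /* RFC 6520 asks for random padding; zeros keep this example simple. */
    memset(out + HB_HEADER + claimed, 0, HB_PADDING);
    return (long)reply_len;
}

int main(void)
{
    /* Constructed sample messages; unlisted bytes are zero padding. */
    uint8_t honest[HB_HEADER + 5 + HB_PADDING] = {HB_REQUEST, 0x00, 0x05, 'h', 'e', 'l', 'l', 'o'};
    uint8_t lying[HB_HEADER + 1 + HB_PADDING] = {HB_REQUEST, 0x40, 0x00, 'x'};
    uint8_t out[64];
    printf("honest request: %ld\n", hb_build_response(honest, sizeof honest, out, sizeof out));
    printf("oversized claim: %ld\n", hb_build_response(lying, sizeof lying, out, sizeof out));
    return 0;
}
```

The honest request is echoed back in a 24-byte reply; the request that claims a 16,384-byte payload while carrying one byte is dropped without a reply.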

Worse, this flaw is undetectable by current standards and has existed under the radar for about two years. For an in-depth analysis and FAQ on the Heartbleed bug

The flaw was discovered by security firm Codenomicon and Neel Mehta, a Google security researcher. They said that even if you don’t frequently use the Internet, you are most likely affected by the bug.

“You are likely to be affected either directly or indirectly. OpenSSL is the most popular open source cryptographic library and TLS (transport layer security) implementation used to encrypt traffic on the Internet. Your popular social site, your company’s site, commercial site, hobby site, sites you install software from or even sites run by your government might be using vulnerable OpenSSL.”

Microsoft IIS Web and Windows 2012 File servers are immune to Heartbleed, since they don’t use open source.

Funny how he mentions that Facebook, Gmail, Amazon, Yahoo!, Twitter and others “fixed it” quickly (after 2 years) but never mentions that all Microsoft web servers are not even vulnerable, as well as Hotmail, MSN, live and outlook.com email accounts!

Who says they are immune? Rubbish! If there is any attack, MS Servers and software are the first to get affected. After all, it is Microsoft that created a Virus framework called MS Windows! Microsoft has absolutely no appreciations as far as security is concerned. If Hotmail is not infected, maybe HeartBleed is one of its modules in the code!

I think Microsoft servers can be easily hacked, as they don’t use open source and they don’t update themselves often, while Linux is robust and open source and more often updated by the open source community.
